GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
A supply chain compromise of the popular GitHub Action tj-actions/changed-files affected over 23,000 repositories, potentially exposing sensitive secrets like AWS access keys and GitHub Personal Access Tokens. The maliciously modified action printed CI/CD secrets in build logs, highlighting the risks of open-source software supply chains. Users are advised to update to the latest version and review workflows executed between March 14 and 15.
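
As an added example (not code from the article or from the tj-actions project), the following Python script inventories the workflows in a repository checkout that reference tj-actions/changed-files, so their build logs can be prioritised for the review advised above. It assumes workflows live under .github/workflows; the sample workflow and its refs are constructed, and the split between a full commit SHA and a tag or branch ref is this example's own classification.

```python
import re
from pathlib import Path

ACTION = "tj-actions/changed-files"  # the action named in the article
# Matches "uses: owner/repo@ref" with or without a leading "- " and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"@#]+)@([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def find_action_refs(workflow_text, action=ACTION):
    """Return (line_number, ref, kind) for every step that uses `action`."""
    hits = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out steps never run
        match = USES_RE.match(line)
        if not match:
            continue
        name, ref = match.groups()
        if name.lower() != action.lower():
            continue  # owner/repo names are case-insensitive on GitHub
        # Assumption of this example: report whether the ref is a full SHA
        # (immutable) or a tag/branch name (can be repointed upstream).
        kind = "commit-sha" if FULL_SHA_RE.fullmatch(ref.lower()) else "tag-or-branch"
        hits.append((number, ref, kind))
    return hits

def scan_repo(root):
    """Map workflow file name -> hits for each file under .github/workflows."""
    results = {}
    for path in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        hits = find_action_refs(path.read_text(encoding="utf-8"))
        if hits:
            results[path.name] = hits
    return results

# Constructed sample workflow; the refs below are made up for illustration.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: changed
        uses: tj-actions/changed-files@v1
      # - uses: tj-actions/changed-files@v0
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567  # constructed SHA
"""

if __name__ == "__main__":
    print(find_action_refs(SAMPLE_WORKFLOW))
```

Running `scan_repo(".")` from the root of a checkout lists each workflow file that uses the action together with the line and ref of every reference.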